GCHQ dragnet lawful, but law needs greater transparency

Parliament's intelligence committee report into security and privacy has concluded GCHQ's bulk interception of net traffic is not mass surveillance, and so permissible.

However, it also called for new umbrella laws to regulate the actives of spy agencies and provide greater transparency.

The Intelligence and Security Committee of Parliament (ISC) report, published on Thursday, concludes that although the UK's intelligence and security agencies are not seeking to circumvent the law, the legal framework they operate within is "unnecessarily complicated" and lacking in transparency - and therefore in need of revision.

The committee of nine MPs and peers recommended that current legislation governing the intrusive capabilities of the security and intelligence agencies ought to be replaced by a new, single Act of Parliament.

This new legal framework should be based on "explicit avowed capabilities", together with the authorisation procedures, privacy constraints, transparency requirements, targeting criteria, sharing arrangements, oversight, and other safeguards that apply to the use of those capabilities.

The most controversial of GCHQ surveillance programs involve dragnet collection of internet traffic. However, the parliamentarians concluded that bulk interception is not mass surveillance, and therefore permissible.

Given the recent controversy surrounding GCHQ’s bulk interception capability, we have scrutinised this in particular detail.

We have found that: GCHQ require access to internet traffic through bulk interception primarily in order to uncover threats, whether that might be cyber criminals, nuclear weapons proliferators or ISIL terrorists.

It needs to find patterns and associations, in order to generate initial leads.

This is an essential first step before the agencies can then investigate those leads through targeted interception.

GCHQ’s bulk interception systems involve three stages of targeting, filtering and selection. The spy agency itself published an overview of how this works earlier this week.

Parliamentary watchdogs at the ISC looked at this before concluding it's all necessary and proportionate, a finding likely to irk privacy advocates and other critics of GCHQ.